42 matches found
CVE-2006-1279
CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...
CVE-2006-1279
CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...
CVE-2006-1279
CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...
CVE-2006-1280
CGI::Session 4.03-1 does not set proper permissions on temporary files created in 1 Driver::File and 2 Driver::dbfile, which allows local users to obtain privileged information, such as session keys, by viewing the files...
CVE-2006-1279
CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...
CVE-2006-1279
CVE-2006-1279 affects CGI::Session 4.03-1. The vulnerability allows local users to overwrite arbitrary files by exploiting a symlink attack on temporary files used by the drivers File, db_file, and possibly sqlite. The issue is a local-privilege/file-write vulnerability rather than a remote-execu...
CVE-2006-1280
CGI::Session 4.03-1 does not set proper permissions on temporary files created in 1 Driver::File and 2 Driver::dbfile, which allows local users to obtain privileged information, such as session keys, by viewing the files...
CVE-2006-1279
CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...
CVE-2006-1280
CGI::Session 4.03-1 does not set proper permissions on temporary files created in 1 Driver::File and 2 Driver::dbfile, which allows local users to obtain privileged information, such as session keys, by viewing the files...
[SA19211] CGI::Session Insecure Default Session File Permissions
TITLE: CGI::Session Insecure Default Session File Permissions SECUNIA ADVISORY ID: SA19211 VERIFY ADVISORY: http://secunia.com/advisories/19211/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: CGI::Session 4.x http://secunia.com/product/8688/...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
RHEL 2.1 / 3 : ruby (RHSA-2004:441)
An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...
security flaw
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
Low: Red Hat Security Advisory: ruby security update
An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...
Ruby symbolic links problem
CGI::Session unsecurely creates temporary file...
GLSA-200409-08 : Ruby: CGI::Session creates files insecurely
The remote host is affected by the vulnerability described in GLSA-200409-08 Ruby: CGI::Session creates files insecurely The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Session instance to be written to a file, writes t...
Ruby: CGI::Session creates files insecurely
Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...
CVE-2004-0755
The CVE concerns Ruby CGI::Session FileStore creating session files with insecure permissions, enabling local users to read session data and hijack sessions. Technical details across connected docs confirm: FileStore writes session files with improper permissions, enabling a local information lea...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
-------------------------------------------------------------------------- Debian Security Advisory DSA 537-1 [email protected] http://www.debian.org/security/ Martin Schulze August 16th, 2004 http://www.debian.org/security/faq -...